Tuesday, June 17, 2014

Ancestry.com DDOS Attack Press Release

I received this press release from Ancestry at 1:45 today:

Distributed Denial of Service Attack Neutralized

Around 1:30 p.m. MT on Monday, June 16, 2014, attackers targeted Ancestry with a Distributed Denial of Service attack (DDoS). During the attack, Ancestry websites along with the Find A Grave website were clogged with massive amounts of bogus traffic that took the sites down.

We want to apologize for the inconvenience this has caused and also thank you for your amazing support, as this may have interrupted some of your family history research. We understand how frustrating this can be for our customers, and please know that it was just as frustrating for us too. We appreciate your patience and support as we dealt with this unfortunate incident against Ancestry.

We have since neutralized the DDoS attack and our services have been up since 11:00 a.m. MT today. You should now be able to access all Ancestry and Find A Grave websites, though you may experience issues intermittently as we continue to work through bringing the sites back up to full capacity.

Your data was not compromised by this attack. This attack overloaded our servers with massive amounts of traffic but did not impact or access the data within those servers. No data was impacted in any way.

I would like to thank the Ancestry Web Operations team for working really hard throughout the night to restore the Ancestry and Find A Grave services and build the defenses necessary to mitigate future attacks of this sort. Our Web Operations team is closely monitoring the situation in case the attacks resume and we’re doing everything in our power to protect our websites from situations like this in the future.

Thank you.

Scott Sorensen
Chief Technology Officer


If you are wondering what a DDOS might be, this is a great explanation at You Tube


  1. rolls eyes at these people with no life. ancestry and find-a-grave sites are valuable sources of information for genealogists. thanks for all you do.

  2. Thank you for bringing this to our attention! It's frustrating to deal with people who don't care anything but cause havoc! Thanks again.

  3. i don't think it's people with no life.. I think it's people pissed with their decisions as of late to shut down dna testing for mt and y dna and their deceision to shut down mundia my canvas my family etc etc

  4. well, it's june 18 and i still can't access FAG

  5. It is pretty obvious that this alleged DOS attack happened right after a fathers day membership special added a large amount of users to the site, all at the same time.

    Also.. there is not a 'recovery process' from a DOS attack. By its definition, a DOS attack does not actually damage anything or corrupt any data. It only floods the site with more queries and connections than it can handle. It should take hours to get back into full service from what is ONLY a DOS attack.

    I suspect that the real issue is over-selling the site and under-provisioning the resources needed to handle the influx of new customers all at once. This is not in my opinion a DOS attack, anymore than the Obamacare signup web site connection issues was a DOS attack.

    Like the Obamacare web site problems, Ancestry brought in a load of new customers onto the site all at the same time, and they did not set up the we resources to allow them all to connect and browse the site. I think they are probably in a panic to rush the expansion of their server space and resources to allow the expanded user base to utilize the site along with the long time members.. meaning that the so called 'recovery' efforts are actually more accurately REMEDIATION efforts that should have taken place before they over-sold site access - not a war against a imagined and unidentified cabal of hackers who hate your grandpa joe.

    If this is eventually proven to be the case.. and this is fairly easy to do if given access to the remediation efforts, then Ancestry owes everyone a significant refund for failing to take the proper efforts to allow all customers to use their site after the fathers day membership sale. Most Ancestry.com customers are in the USA (although not all are) and a outage caused by the fathers day sale should show a USA-based surge in connection attempts hitting the site.
    A legitimate Botnet run by actual hackers is going to have connection attempts that are widely distributed from IP addresses across the planet and in foreign countries, in addition to american IP addresses. Also, the connection attempts in a legit hacker effort will be much more rapid and malicious that a simple overload of users slowing the site to a crawl..

    Another reason I strongly suspect that they are victims NOT OF HACKERS, but of their own 'membership sale' is that no details of the source alleged DOS attack have been mentioned or any other details that would be part of the remediation effort. A site afflicted with too many users for its available resources runs a lot differently and its site logs will show a much different connection pattern / frequency than a site which is being bombarded by a global botnet.

    Releasing some details would make it fairly easy to discern whether this is really the script kiddie 'Hax0r' attempt the company claims it to be, or if it really is simply the result of overloading the site with more users than the IT personnel employed by the company made provisions to serve data for..

    If this is a site failure to expand resources in response to a flood of new users, that is being attributed to some shady hackers, we need to know about it and the company needs to deal with its own internal personnel issues with extreme prejudice.